Opposition MP questions government’s use of citizens’ data

Nationalist MP Claudette Buttigieg has questioned the way in which the government is using citizens’ data on the eve of the coming into force of the EU’s new General Data Protection Regulations (GDPR).

Speaking in parliament during the second reading of the Data Protection Bill, Buttigieg said referred to the fact that the public was recently informed that it would need to register in order to attend the annual Isle of MTV free concert at the Floriana granaries, and questioned the government’s explanation, that the measure was necessary for security reasons.

She asked why similar systems were not used for other events at the location, including mass meetings organised by both parties.

Moreover, she said that the event’s terms and conditions, which attendees needed to accept in order to attend, stated that the information submitted could be used for purposes other than the event’s organisation.

“Will it be used for commercial reasons or politically?” Buttigieg asked.

She said there were similar concerns with healthcare data, especially when one considered that Malta only had one hospital that collected data from the entire population.

Such data, she said, was very valuable to organisations who were carrying out various types of research and who would surely be willing to pay good money for it. 

Buttigieg said she was disappointed that parliament was only discussing the law on the eve of its coming into force, especially when one considered the law has been being discussed on a European level for over two years.

Small businesses not given enough information

The PN MP also accused the government of not giving NGOs and small business enough information, insisting that many small business owners had contacted her to express their concern about what the new regulations would mean for them.

The regulations include penalties for non-compliance of up to €20 million, or 4% of a company’s turnover, adding that she “imagined” this would not be enforced with companies would “made a genuine mistake in the way it collected and stored its data”.

Buttigieg said the law was intended for large multi-national companies like Google but contained no provisions that distinguished between small and larger businesses.

“There is nothing indicating that small businesses can’t face this, and this is what is worrying small businesses,” she said. “I would like to know how we are going to give people peace of mind.”

Buttigieg added that she assumed that fines would not start being dished out as of tomorrow, but operators would rather be given a warning instead.

Government preparations underway since 2012

Speaking after Buttigieg, parliamentary secretary for consumer protection Deo Debattista said the new law would be updating Malta’s data laws, which were introduced back in 2003.

He said the law would also be establishing national regulations, as well as a supervisory body that would monitor data protection laws.

Moreover, Debattista stressed that the government had made the necessary preparations for it to be in conformity with the regulations, adding that work in this regard had started in August 2012.

Finally, on whether the public had been adequately informed, Debattista said the Office of the Data Protection Commissioner had undertaken a number of educational campaigns both with businesses as well as the public in general, and that it would continue to act as a reference point going forward.